SSL Verification Bypassed
The server's SSL certificate could not be verified. The analysis was completed using insecure mode. Data may be less reliable.
Reason:
Hostname Mismatch - certificate is issued for blue.nus.edu.sg, survey.somerset.kctcs.edu, test-analytics.srt.umn.edu, analytics-srt.umn.edu, analytics-feedback.dohainstitute.edu.qa, gummitest.ursinus.edu, ces.uvic.ca, survey.udst.edu.qa, analytics-blue.nus.edu.sg, not for relay6.explore-blue.com
Open
Cached
·
just now
76/100
SECURITY SCORE
Detected Technologies
Certificate Information
Subject
CN=hosting2.bluera.com
Issuer
C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2
Valid From
May 04, 2026
Valid Until
November 18, 2026
187 days
Public Key
RSA
4096 bit
Strong
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
50:3D:B0:82:D1:98:9B:98:E6:4F:F0:B1:84:4B:93:CD:3F:45:C2:0B:F2:26:A9:3A:75:89:4C:99:2A:77:76:66
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Add Strict-Transport-Security header with max-age of at least 1 year
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
50 domains
surveys-bc.ajman.ac.ae
surveys.ajman.ac.ae
analytics-survey.aubh.edu.bh
explorance.bellarmine.edu
hosting2.bluera.com
www.hosting2.bluera.com
survey.confederationcollege.ca
evals.dhge.org
analytics-feedback.dohainstitute.edu.qa
feedback-dev.durhamcollege.ca
feedback.durhamcollege.ca
coursequestionnaire.iu.edu
tst-coursequestionnaire.iu.edu
survey.somerset.kctcs.edu
evaluations-test-bc.lmu.edu
evaluations-test.lmu.edu
feedback-bc.louisville.edu
feedback.louisville.edu
eval.luther.edu
analytics-surveys.mbzuai.ac.ae
surveytest.mdis.edu.sg
evaluate-bc.mtroyal.ca
evaluate-test-bc.mtroyal.ca
evaluate-test.mtroyal.ca
evaluate.mtroyal.ca
analytics-blue.nus.edu.sg
analytics-blueuat.nus.edu.sg
blue.nus.edu.sg
blueuat.nus.edu.sg
blue-its.ocadu.ca
surveystest.pasadena.edu
studentfeedback.rdpolytech.ca
surveys-bc.rmit.edu.au
surveys-npe-bc.its.rmit.edu.au
surveys-npe.its.rmit.edu.au
surveys.rmit.edu.au
evaldev.ship.edu
analytics-survey.udst.edu.qa
survey.udst.edu.qa
analytics-srt.umn.edu
test-analytics.srt.umn.edu
analytics-devfeedback.uoguelph.ca
analytics-feedback.uoguelph.ca
gummitest.ursinus.edu
analytics-survey.uat.ust.hk
analytics-survey.ust.hk
survey.uat.ust.hk
ces-bc.uvic.ca
ces.uvic.ca
evals.wm.edu